Hey folks,
I was digging into some transactions with P2PKH addresses and noticed that the nonce r was reused across different public keys. What’s wild is that it looks like all these addresses came from a cloned VM setup, which could explain the oddity.
Here’s what I found:
A bunch of transactions have the same r value but different public keys.
One address even reuses r with the same private key.
This definitely raises some red flags about potential security issues.
Here are some specific examples:
Case 1:
TX 1: r=5c16a3fbafc1ef0, public key = 956fb654bcb2e061
TX 2: r=5c16a3fbafc1ef0, public key = 4b20eabe93918281
Case 2:
TX 1: r=5c16a3fbafc1ef0, public key = 956fb654bcb2e061
TX 2: r=4b20eabef45faf0, public key = 956fb654bcb2e061
TX 3: r=5c16a3fbafc1ef0, public key = 4b20eabe93918281
TX 4: r=4b20eabef45faf0, public key = 4b20eabe93918281
So here are my questions:
Do the keys of addresses that reused r put them at risk?
Could the private key be pulled straight from these transactions?
Are there any tools out there that can automatically spot such vulnerabilities on the Bitcoin blockchain?
Thanks a lot!
Nonce r reuse between P2PKH addresses Are the keys at risk?
1 reply 378 views
This looks like two equations with three unknowns and it cannot be solved.
We have
s1 = k−1(e1 + r*d1)
s2 = k−1(e2 + r*d2)
Even though s1, s2, r, e1 and e2 are known we still have 3 unknowns: k, d1 and d2. Such equation cannot be solved.
The reason reusing k (the ephemeral key) reveals the private key is because with the same key d in equation above is the same so we will have 2 equations with 2 unknowns which can be easily solved.